BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

follow-up: Processor Warns of Hacking Trend

From: security curmudgeon <jericho () attrition org>
Date: Tue, 1 May 2012 00:12:03 -0500 (CDT)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.bankinfosecurity.com/processor-warns-hacking-trend-a-4720

By Tracy Kitten
Bank Info Security
April 30, 2012

Over the past year, First Data, the largest payments processor in the 
U.S., has seen an uptick in "trolling" - hackers sniffing networks for 
remote access into point-of-sale systems that are open or loosely 
protected.

The targets: Smaller merchants, those categorized by Visa as Level 4. 
These merchants process fewer than 1 million transactions per year and 
account for 32 percent of Visa's U.S. transactions. They also are largely 
non-compliant with the Payment Card Industry Data Security Standard.

The risk, says John Graham, vice president of global information assurance 
and risk at First Data Corp., is that because these smaller merchants are 
not PCI compliant, they are vulnerable to breaches of credit and debit 
card data. "Over the last 12 months or so, trolling has really become 
prevalent," Graham says.

So, too, have breaches. Erik Rasmussen, a special agent within the Cyber 
Intelligence Section of the U.S. Secret Service's Criminal Investigative 
Division, says most card fraud incidents today stem from POS hacks. "The 
No.1 way criminals are getting in is through remote access to the 
backhouse server," Rasmussen said during a recent RSA Conference 
presentation.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.
Previous By Date Next
Previous By Thread Next

Current thread: